Mark Millard
2016-Oct-25 18:40 UTC
stable/11 -r307797 on BPi-M3 (cortex-a7): truss gets segmentation fault for handling unknown system call
[The following has been reported in:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213778 .]
In trying to build lang/gcc6 xgcc's cc1 got some SIGSYS examples. In trying
to track things down I ran into truss getting a SIGSEGV when it tries to handle
the situation. . .
In truss's enter_syscall there is (from a live gdb on truss, after the
segmentation fault):
380 t->cs.name = sysdecode_syscallname(t->proc->abi->abi,
t->cs.number);
381 if (t->cs.name == NULL)
(gdb)
382 fprintf(info->outfile, "-- UNKNOWN %s SYSCALL %d --\n",
383 t->proc->abi->type, t->cs.number);
384
385 sc = get_syscall(t->cs.name, narg);
386 t->cs.nargs = sc->nargs;
387 assert(sc->nargs <= nitems(t->cs.s_args));
388
389 t->cs.sc = sc;
(gdb) print *t
$2 = {entries = {le_next = 0x0, le_prev = 0x20617070}, proc = 0x20617060, tid =
100150, in_syscall = 1, cs = {sc = 0x0, name = 0x0, number = 580828064, args =
0x2061b0c0, nargs = 0,
s_args = 0x2061b0ec}, before = {tv_sec = 1477418265, tv_nsec = 492342263},
after = {tv_sec = 1477418265, tv_nsec = 492496630}}
(gdb) print sc
$3 = (struct syscall *) 0x0
So line 386 listed above gets a segmentation fault for sc->nargs when
t->cs.name is a NULL pointer: sc ends up NULL.
Looking at the two things that the fprintf on lines 382 and 383 would report:
(gdb) print t->proc->abi->type
$4 = 0x10166 "FreeBSD ELF32"
(gdb) print t->cs.number
$5 = 580828064
(gdb) print narg
$6 = 0
(that last is for context for the get_syscall arguments).
FYI: 580828064 = 0x229EBBA0
Context:
root at bananapi-m3:/usr/ports # uname -apKU
FreeBSD bananapi-m3 11.0-STABLE FreeBSD 11.0-STABLE #0 r307797M: Mon Oct 24
00:41:16 PDT 2016 markmi at
FreeBSDx64:/usr/local/src/crochet/work/obj/arm.armv6/usr/src/sys/ALLWINNER arm
armv6 1100505 1100505
==Mark Millard
markmi at dsl-only.net
John Baldwin
2016-Oct-28 14:29 UTC
stable/11 -r307797 on BPi-M3 (cortex-a7): truss gets segmentation fault for handling unknown system call
On Tuesday, October 25, 2016 11:40:38 AM Mark Millard wrote:> [The following has been reported in: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213778 .] > > In trying to build lang/gcc6 xgcc's cc1 got some SIGSYS examples. In trying to track things down I ran into truss getting a SIGSEGV when it tries to handle the situation. . . > > In truss's enter_syscall there is (from a live gdb on truss, after the segmentation fault): > > 380 t->cs.name = sysdecode_syscallname(t->proc->abi->abi, t->cs.number); > 381 if (t->cs.name == NULL) > (gdb) > 382 fprintf(info->outfile, "-- UNKNOWN %s SYSCALL %d --\n", > 383 t->proc->abi->type, t->cs.number); > 384 > 385 sc = get_syscall(t->cs.name, narg); > 386 t->cs.nargs = sc->nargs; > 387 assert(sc->nargs <= nitems(t->cs.s_args)); > 388 > 389 t->cs.sc = sc; > > (gdb) print *t > $2 = {entries = {le_next = 0x0, le_prev = 0x20617070}, proc = 0x20617060, tid = 100150, in_syscall = 1, cs = {sc = 0x0, name = 0x0, number = 580828064, args = 0x2061b0c0, nargs = 0, > s_args = 0x2061b0ec}, before = {tv_sec = 1477418265, tv_nsec = 492342263}, after = {tv_sec = 1477418265, tv_nsec = 492496630}} > > (gdb) print sc > $3 = (struct syscall *) 0x0 > > So line 386 listed above gets a segmentation fault for sc->nargs when t->cs.name is a NULL pointer: sc ends up NULL. > > Looking at the two things that the fprintf on lines 382 and 383 would report: > > (gdb) print t->proc->abi->type > $4 = 0x10166 "FreeBSD ELF32" > > (gdb) print t->cs.number > $5 = 580828064 > > (gdb) print narg > $6 = 0 > > (that last is for context for the get_syscall arguments). > > FYI: 580828064 = 0x229EBBA0I have a patchset I have tested some in a git branch that I believe fixes handling of unknown system calls. Please try this: https://github.com/freebsd/freebsd/compare/master...bsdjhb:truss_unknown (Add .diff to get a diff you can apply with patch) -- John Baldwin